Thought leadership for banking and financial services professionals

Fighting digital banking fraud – Part 2: Mitigate the threat

Posted on July 31st, 2017

As we explored in the first part of this two-part guide, digital banking fraud is an escalating threat to financial institutions and their customers.

Digital banking fraud can take many forms, such as identity fraud and account takeover, which are becoming increasingly common. The 2017 Identity Fraud Study from Javelin Strategy & Research revealed that the number of US consumers falling victim to identity fraud rose by 16 percent to 15.4 million in 2016. Total account takeover losses also jumped by 61 percent to $2.3 billion.

In the UK, meanwhile, fraud prevention service Cifas recently revealed that identity fraud has hit an unprecedented high, with 172,919 instances in 2016. It now accounts for more than half of all fraud recorded by the group.

It’s clear that financial institutions need to be taking full advantage of all the tools at their disposal to combat digital banking fraud. So what are the key systems and safeguards you should have in place to protect your customers and your organization?

Multi-factor authentication

Having a multi-layered authentication process for digital banking can be an extremely useful tool in preventing fraudsters from accessing individual accounts online.

One type of two-factor authentication combines something the customer knows, such as a password or PIN, with something they have, such as a card reader or a mobile phone to receive a single-use passcode. This additional layer of security makes it much more difficult for criminals to hack into accounts.

Modern financial institutions also benefit from access to next-generation authentication technologies such as biometrics. Many consumers are already accustomed to using their fingerprint to unlock their smartphone, so it follows that this technology could and should be used to strengthen digital banking security.

Earlier this year, Lloyds Banking Group started a collaboration with Microsoft to try out biometric authentication for Windows 10 users logging into online accounts with Lloyds, Halifax and Bank of Scotland. During the second half of 2017, these customers will be given the option to use the Windows Hello system to log in to their accounts via facial or fingerprint recognition, rather than their passwords.

Gill Wylie, chief operating officer for group digital and transformation at Lloyds Banking Group, said: “With customer experience and security at the forefront of our minds, we are keen to run this pilot to explore the new functionality Windows Hello could give our customers.”

Tracking non-financial data

In order to get an in-depth, holistic view of the activity taking place on customer accounts, banks should be studying trends in online account logins, clickstreams and other metrics to highlight any anomalous activity. Tracking IP addresses can also be an effective way of identifying suspicious logins or transactions.

It’s also possible that we could see an increase in banks looking to data sources such as social media to improve fraud detection. Speaking to International Business Times, Antony Duffy, director of retail banking at Fujitsu, said “intelligent use of data” such as investigating connections and trends on social media is becoming more common in the financial services industry.

Developments in technology have given modern financial institutions a big advantage in their efforts to fight digital banking fraud through the evaluation of non-financial data. Innovation in areas such as machine learning and data analytics has led to the development of highly sophisticated fraud detection and prevention tools.

Effective KYC procedures

An efficient know-your-customer (KYC) process is important for many reasons, chiefly so the bank knows who it is doing business with in order to prevent money laundering, but also to strengthen understanding of consumers and their financial lives.

As far as digital banking fraud is concerned, a recent initiative in Singapore has shown how digital KYC procedures can help to combat this threat by reducing the amount of sensitive customer data being transferred electronically, Finextra reported.

The Monetary Authority of Singapore (MAS) trialed a KYC system based on the MyInfo personal data platform, which contains government-verified details such as national ID numbers and residential addresses. Storing data in this way means citizens only need to provide their information once and these details can be retrieved for future online transactions with the government.

In the MAS trial, the MyInfo service was extended to the financial services industry, an approach that could help to keep sensitive data out of the reach of fraudsters. However, Sopnendu Mohanty, chief fintech officer at Singapore’s central bank, said that before going “full e-KYC”, there needs to be a “national strategy for digital identity”.

“That’s the core, the engine. And you can build the KYC digital attributes around it, and then the distribution of the data in a safe and secure way,” he added.

Educating consumers

Educating the public on basic practices such as using strong passwords, protecting their personal data and looking out for suspicious activity on their accounts is one of the most effective ways to fight digital banking fraud.

Most consumers are aware of how serious the threat is, but it’s easy for someone who has never experienced fraud to fall into the trap of thinking it will never happen to them. It’s therefore important for banks to look for the most effective ways of keeping consumers informed and promoting best practice, whether it’s through email, direct mail or by posting information online about common scams and how to avoid them.

Both Javelin and Cifas underlined the importance of people staying safe on social media. Strong security and privacy settings are crucial and users should avoid sharing details such as their date of birth, address and contact information.

Banks should also communicate the importance of positive consumer habits such as using strong, up-to-date anti-virus software, not accessing online banking via public Wi-Fi networks and signing up for notifications of potentially suspicious account activity.

Al Pascual, senior vice president, research director and head of fraud and security at Javelin, said: “To successfully fight fraudsters, the industry needs to close security gaps and continue to improve, and consumers must be proactive too.”

It is through partnership, communication and information-sharing between consumers and financial institutions – combined with evolution in technology and detection methods – that the retail banking industry will begin to make real progress in the battle against digital banking fraud.

Image credit: iStock/fivepointsix

Written by Dena Hamilton

Dena is NCR's Director of Enterprise Fraud & Security Software Solutions. She specializes in fraud, risk, compliance and security, with over 35 years of experience in the financial services space. Her focus is the development and deployment of enterprise financial crime solutions optimized in prevention, detection and back office efficiency.